Forgot your password?
typodupeerror
Botnet Security IT

Kelihos Botnet Comes Back To Life 97

Posted by samzenpus
from the always-put-one-in-the-brain dept.
angry tapir writes "A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it. The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams. But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a "sinkhole," or a computer they controlled."
This discussion has been archived. No new comments can be posted.

Kelihos Botnet Comes Back To Life

Comments Filter:
  • by Tom (822) on Thursday February 02, 2012 @08:14PM (#38910135) Homepage Journal

    The reason these assholes can run all over us is that too few of those involved care. I am very happy that MS has started to care, and it's probably the only good thing they've done all century, but it really is a powerful signal.

    The next people who need to start caring are the ISPs. Just recently I complained to my own ISP that they are hosting the actual website that the spam I get is advertising. They told me to use the "unsubscribe" link. Yeah, right. Living under a nice rock there, customer service idiot?

    I'm all for making ISPs responsible if they knowingly host spammers. I'm for vigilante action at this point, as nothing else seems to work. Get Anonymous on the subject. Blast the ISPs who say "fuck off" when you point out that they have a spammer in their hosting center off the 'net.

    We all know that there is no single, simple solution to the issue. So instead of looking for it, why not combine all the imperfect, partial solutions we have? Let MS & Co. take down the botnets. Put pressure on the CC companies to stop dealing with them. Make the banks liable and cut off the money flow. Make the ISPs care and make it harder (thus more expensive) for the spammers to find a home. Shoot some spammers. Shoot some idiots who keep them in business by buying from them. Sacrifice a goat, stick needles in a puppet and pray to your god(s). Do it all at once.

  • Re:commons (Score:5, Interesting)

    by shikitohno (2559719) on Thursday February 02, 2012 @08:15PM (#38910145)
    It's possible simply because law enforcement, particularly where property is concerned, doesn't exist to protect the common man. Law enforcement and property law exist to protect the rich from the common folk. Protecting your average joe is outside the scope of their purpose, so they won't bother to do it. Now if you could write a spam bot that exclusively targeted Disney or the UMG and their employees, and caused those groups to lose even the slightest amount of money, I wouldn't be surprised to see some overkill operation taken by the police to find out who was behind it. Then they'd wind up looking at serious jail time and fines, for the crime of having picked the wrong victim.
  • by nman64 (912054) * on Thursday February 02, 2012 @08:24PM (#38910243) Homepage

    There are plenty of rules that could be set up to prevent rogue systems from sending spam, but the problem is with getting network operators and individual server administrators on board. Trying to get all network operators (or ISPs) around the world doing something is like herding cats. Trying to get all individual server administrators to do something is like herding millions of catnip-infused cats.

    Your thought about MX records is not quite right. There is a difference between servers that recieve mail (which should be pointed to by MX records) and servers that send mail (which should have valid PTR records in reverse DNS for their IP). While a single server may perform both duties, that is not by any means guaranteed. One action that would block a large number of infected systems from delivering their spam would be receiving mail servers blocking all mail from senders that do not have a valid RDNS record. This is the correct version of your proposal, and some major providers already do this. An even greater benefit could be achieved if all ISPs were to block outbound traffic headed for TCP port 25 by default, requiring subscribers to "opt-in" to initiate port 25 traffic. Some ISPs already do this, but far too many do not. Yet another good measure would be for recipients to block mail from servers that fail to identify themselves with a valid fully-qualified domain name in their HELO message and require that domain to resolve by DNS. Like the RDNS solution, this would require all legitimate mail server operators to set their sending servers up properly. As more receiving operators start blocking non-compliant mail servers, we may slowly push more sending server operators to do things right, but it is a long, slow process when users demand that every legitimate message get through.

  • by mortonda (5175) on Thursday February 02, 2012 @09:05PM (#38910619)

    MX record is inbound only. period.

    However, ISP's could block outbound port 25 unless using their servers (such as my cable company) and/or make arrangements for a particular IP range to be outgoing mail servers. That starts to make sending servers a little more accountable.

    If you need to send mail direct to a server outside this network, use ssl and submission port, not port 25.

  • by Anonymous Coward on Thursday February 02, 2012 @09:49PM (#38910927)

    Your post advocates a

    (X) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (X) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (X) Lack of centrally controlling authority for email
    (X) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (X) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    (X) Willingness of users to install OS patches received by email
    (X) Armies of worm riddled broadband-connected Windows boxes
    (X) Eternal arms race involved in all filtering approaches
    (X) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    (X) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    ( ) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    (X) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (X) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!

Thus spake the master programmer: "When a program is being tested, it is too late to make design changes." -- Geoffrey James, "The Tao of Programming"

Working...